Following a period of economic uncertainty, manufacturing is back on the rise, with an increased emphasis on digital processes and technology. Global manufacturers are now using advanced manufacturing technology to improve cost competitiveness, enhance processes and staff skills, and maintain connectivity with supplier ecosystems. While overall industry growth and digitization has benefited manufacturers, it has also resulted in increased cybersecurity risks.
Intellectual property (IP) and the valuable data that underpins the manufacturing ecosystem such as operations data, makes manufacturers a prime target for cyberattacks. IP can be anything from a manufacturing process to product plans to trade secrets. IP theft has proven to be very lucrative, with cybercriminals and even competitors going after product designs, manufacturing blueprints, unique implementation methods, source code and more. In fact, a Deloitte survey found that 35 percent of executives believed IP theft was the primary motive for cyberattacks at their company in the past 12 months — second only to financial theft. This combined with the fact that industrial control equipment can be an aging patchwork of vendors and equipment, none of it designed with security monitoring and management as a primary focus, makes the manufacturing industry more vulnerable than ever.
Why IP is a Hot Target
There are several motives for going after IP, the most obvious being monetary. Cybercriminals can steal IP and sell it on the Dark Web. They can also use it for extortion, pressuring manufacturers to pay up in order to keep the IP private.
Competitors also have a lot to gain by stealing IP. It can help improve their manufacturing processes without having to invest substantial funds in research and development. They can also use it to win bids and sales proposals unfairly. It’s like sending in a digital spy to figure out what competitors’ next moves could be and using that information to your advantage. Not only is this unethical, but stealing trade secrets is also illegal under the 1996 Economic Espionage Act — connected networks have just given criminals a new way in.
IP theft can cause considerable financial damage to an organization. According to the Theft of Intellectual Property Commission, IP theft costs U.S. companies as much as $600 billion a year.
Existing Security Challenges for Manufacturers
Manufacturers face many of the same cybersecurity challenges as other industries. However, there are some challenges that are more prevalent in the manufacturing industry. For starters, the overall lack of full control over the entire value chain. Current provisioning methods expose manufacturers to liability and risks for any security breach that occurs within the supply chain.
Another major concern is the production of black-market replicas. Counterfeiting is a widespread issue that can harm the original brand. When IP is stolen, criminals can produce identical looking products and use them for malicious intent beyond just making a profit. For example, they can input malware into the product, which would cause further harm to the brand’s reputation, not to mention the risks for end-users. These counterfeit products also hurt overall revenue for the brand, as buyers think they can get the products for cheap and therefore turn to the counterfeiters.
Interconnected IT and manufacturing infrastructure poses another challenge. The trend toward multi-cloud infrastructure combined with the increasing sophistication of attackers means manufacturers need a security architecture that goes beyond traditional perimeter-centric models.
Bringing Security to the Forefront
There are several strategies manufacturers can and should use to defend against these growing cyber threats. First and foremost, manufacturers need to prioritize data and figure out what would be the most damaging, should adversaries gain access. Conduct a risk and cost-benefit analysis to determine which data requires the highest level of security. Also, make sure that only necessary employees have access to the data deemed highly sensitive.
In order to gain more control over security when it comes to the supply chain, manufacturers should ensure they are thoroughly vetting all vendors’ security practices. For example, make sure OEM vendors provide secure items that couldn’t be compromised with malware. It’s also important to fully understand what data could be exposed through the supply chain. Work backwards from there to figure out what kind of safeguards you’d like your supply chain to have in place.
To combat the next major issue, black market goods, manufactures should turn to authentication. Authentication can be used for manufactured components once deployed, allowing end-customers to benefit from increased security, as they can identify and authenticate the devices, ensuring that they are not counterfeited. Not only does this help manufacturers prevent the production of counterfeit products, but it also helps customers protect themselves against possible malware-infected black-market products.
As manufacturing becomes increasingly connected, it’s vital that manufacturers adopt more modern security practices that go beyond a traditional perimeter security approach. It’s safe to assume that cybercriminals will hack into your network at some point. Therefore, it’s important to make sure that the most important data is locked up in a way that hackers couldn’t touch it, even if they break in. Encryption is essential to securing sensitive data such as IP within the network. By encrypting IP, and taking it a step further to secure the crypto keys, manufacturers can be confident that this valuable data is protected from hackers, even in the case of a breach and data exfiltration.
Digitization of the manufacturing industry has endless benefits that are still being realized. However, the industry must adapt its security standards to keep up with this rapid change. Losing IP to competitors can have serious consequences. Cybercriminals know this and will exploit it. By taking control over where IP is stored, how it’s stored and who has access to it, manufacturers can avoid falling victim to damaging breaches.
George Wainblat is the Director of Product Management at Unbound Technology.